If I show a model, is it possible that a malicious client edits the js and loads a model that I don't want to show?

Francisco_Tacoronte · August 11, 2022, 9:30am

I am creating a web page where each user can view their models. I save all the models in the same folder page and depending on the user I load one model or another. By editing the code, could a client load the model of a different client?

anidivr · August 11, 2022, 10:38pm

I’ll assume “I save all the models in the same folder page” means a folder on the server? Is there any access restrictions implemented to block a user looking outside their own folder? If not, then yes, it will be possible to look in other folders by guessing or discovery. I recommend using GUIDs for a user’s folder to reduce the risk.

Topic		Replies	Views
If I want to upload my model, what do i do? Questions loading	2	2391	October 30, 2018
Restrict model to download through network tab Questions security	3	353	October 11, 2021
How to prohibit code execution before downloading? Questions loaders	7	791	June 6, 2021
Load 3d models from file server Questions loaders , hosting	3	665	February 13, 2023
Why can i not see the model and where is the model "code" being inputed? Questions	6	412	October 24, 2018

If I show a model, is it possible that a malicious client edits the js and loads a model that I don't want to show?

Related Topics